Search in sources :

Example 1 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class DefaultControllerAutowiredAllTypesTest method testGetUserEntityPermissions.

@Test
public void testGetUserEntityPermissions() throws Exception {
    // First create one of each type
    List<Entity> created = createEntitesOfEachType(1);
    assertNotNull(created);
    assertTrue(created.size() >= EntityType.values().length);
    // Now update each
    for (Entity entity : created) {
        // Make sure we can get the annotations for this entity.
        UserEntityPermissions uep = ServletTestHelper.getUserEntityPermissions(dispatchServlet, entity.getId(), userName);
        assertNotNull(uep);
        assertEquals(true, uep.getCanDownload());
        assertEquals(true, uep.getCanEdit());
        assertEquals(true, uep.getCanChangePermissions());
        assertEquals(true, uep.getCanDelete());
        assertEquals(true, uep.getCanView());
        assertEquals(true, uep.getCanAddChild());
    }
}
Also used : Entity(org.sagebionetworks.repo.model.Entity) UserEntityPermissions(org.sagebionetworks.repo.model.auth.UserEntityPermissions) Test(org.junit.Test)

Example 2 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class AuthorizationManagerImpl method getUserPermissionsForEntity.

@Override
public UserEntityPermissions getUserPermissionsForEntity(UserInfo userInfo, String entityId) throws NotFoundException, DatastoreException {
    UserEntityPermissions permission = new UserEntityPermissions();
    Node node = nodeDAO.getNode(entityId);
    permission.setOwnerPrincipalId(node.getCreatedByPrincipalId());
    boolean parentIsRoot = nodeDAO.isNodesParentRoot(entityId);
    // must look-up access (at least to determine if the anonymous user can view)
    String permissionsBenefactor = nodeInheritanceDAO.getBenefactor(entityId);
    UserInfo anonymousUser = userManager.getUserInfo(AuthorizationConstants.ANONYMOUS_USER_ID);
    permission.setCanPublicRead(this.accessControlListDAO.canAccess(anonymousUser.getGroups(), permissionsBenefactor, ACCESS_TYPE.READ));
    boolean isCreator = node.getCreatedByPrincipalId().equals(Long.parseLong(userInfo.getIndividualGroup().getId()));
    // Admin and owner/creator get all
    if (userInfo.isAdmin() || isCreator) {
        permission.setCanAddChild(true);
        permission.setCanChangePermissions(true);
        permission.setCanDelete(true);
        permission.setCanEdit(true);
        permission.setCanView(true);
        permission.setCanDownload(true);
        permission.setCanEnableInheritance(!parentIsRoot);
        return permission;
    }
    // Child can be added if this entity is not null
    permission.setCanAddChild(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.CREATE));
    permission.setCanChangePermissions(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.CHANGE_PERMISSIONS));
    permission.setCanDelete(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.DELETE));
    permission.setCanEdit(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.UPDATE));
    permission.setCanView(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.READ));
    permission.setCanDownload(this.canDownload(userInfo, entityId));
    permission.setCanEnableInheritance(!parentIsRoot && permission.getCanChangePermissions());
    return permission;
}
Also used : Node(org.sagebionetworks.repo.model.Node) UserInfo(org.sagebionetworks.repo.model.UserInfo) UserEntityPermissions(org.sagebionetworks.repo.model.auth.UserEntityPermissions)

Example 3 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class ServletTestHelper method getUserEntityPermissions.

public static UserEntityPermissions getUserEntityPermissions(HttpServlet dispatchServlet, String id, String userId) throws ServletException, IOException {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    request.setMethod("GET");
    request.addHeader("Accept", "application/json");
    request.setRequestURI(UrlHelpers.ENTITY + "/" + id + UrlHelpers.PERMISSIONS);
    request.setParameter(AuthorizationConstants.USER_ID_PARAM, userId);
    dispatchServlet.service(request, response);
    log.debug("Results: " + response.getContentAsString());
    if (response.getStatus() != HttpStatus.OK.value()) {
        throw new ServletTestHelperException(response);
    }
    return (UserEntityPermissions) objectMapper.readValue(response.getContentAsString(), UserEntityPermissions.class);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) UserEntityPermissions(org.sagebionetworks.repo.model.auth.UserEntityPermissions)

Example 4 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class EntityBundleControllerTest method testGetEntityBundle.

@Test
public void testGetEntityBundle() throws NameConflictException, JSONObjectAdapterException, ServletException, IOException, NotFoundException, DatastoreException {
    // Create an entity
    Project p = new Project();
    p.setName(DUMMY_PROJECT);
    p.setEntityType(p.getClass().getName());
    Project p2 = (Project) entityServletHelper.createEntity(p, TEST_USER1);
    String id = p2.getId();
    toDelete.add(id);
    Study s1 = new Study();
    s1.setName(DUMMY_STUDY_1);
    s1.setEntityType(s1.getClass().getName());
    s1.setParentId(id);
    s1 = (Study) entityServletHelper.createEntity(s1, TEST_USER1);
    toDelete.add(s1.getId());
    Study s2 = new Study();
    s2.setName(DUMMY_STUDY_2);
    s2.setEntityType(s2.getClass().getName());
    s2.setParentId(id);
    s2 = (Study) entityServletHelper.createEntity(s2, TEST_USER1);
    toDelete.add(s2.getId());
    // Get/add/update annotations for this entity
    Annotations a = entityServletHelper.getEntityAnnotaions(id, TEST_USER1);
    a.addAnnotation("doubleAnno", new Double(45.0001));
    a.addAnnotation("string", "A string");
    Annotations a2 = entityServletHelper.updateAnnotations(a, TEST_USER1);
    // Get the bundle, verify contents
    int mask = EntityBundle.ENTITY | EntityBundle.ANNOTATIONS | EntityBundle.PERMISSIONS | EntityBundle.ENTITY_PATH | EntityBundle.ENTITY_REFERENCEDBY | EntityBundle.HAS_CHILDREN | EntityBundle.ACL;
    EntityBundle eb = entityServletHelper.getEntityBundle(id, mask, TEST_USER1);
    Project p3 = (Project) eb.getEntity();
    assertFalse("Etag should have been updated, but was not", p3.getEtag().equals(p2.getEtag()));
    p2.setEtag(p3.getEtag());
    assertEquals(p2, p3);
    Annotations a3 = eb.getAnnotations();
    assertFalse("Etag should have been updated, but was not", a3.getEtag().equals(a.getEtag()));
    assertEquals("Retrieved Annotations in bundle do not match original ones", a2, a3);
    UserEntityPermissions uep = eb.getPermissions();
    assertNotNull("Permissions were requested, but null in bundle", uep);
    assertTrue("Invalid Permissions", uep.getCanEdit());
    EntityPath path = eb.getPath();
    assertNotNull("Path was requested, but null in bundle", path);
    assertNotNull("Invalid path", path.getPath());
    PaginatedResults<EntityHeader> rb = eb.getReferencedBy();
    assertNotNull("ReferencedBy was requested, but null in bundle", rb);
    Boolean hasChildren = eb.getHasChildren();
    assertNotNull("HasChildren was requested, but null in bundle", hasChildren);
    assertEquals("HasChildren incorrect", Boolean.TRUE, hasChildren);
    AccessControlList acl = eb.getAccessControlList();
    assertNotNull("AccessControlList was requested, but null in bundle", acl);
}
Also used : AccessControlList(org.sagebionetworks.repo.model.AccessControlList) Study(org.sagebionetworks.repo.model.Study) EntityPath(org.sagebionetworks.repo.model.EntityPath) EntityHeader(org.sagebionetworks.repo.model.EntityHeader) UserEntityPermissions(org.sagebionetworks.repo.model.auth.UserEntityPermissions) Project(org.sagebionetworks.repo.model.Project) Annotations(org.sagebionetworks.repo.model.Annotations) EntityBundle(org.sagebionetworks.repo.model.EntityBundle) Test(org.junit.Test)

Example 5 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class EntityControllerTest method testGetUserEntityPermissions.

@Test
public void testGetUserEntityPermissions() throws JSONObjectAdapterException, ServletException, IOException, NotFoundException, DatastoreException {
    Project p = new Project();
    p.setName("UserEntityPermissions");
    p.setEntityType(p.getClass().getName());
    Project clone = (Project) entityServletHelper.createEntity(p, TEST_USER1);
    String id = clone.getId();
    toDelete.add(id);
    UserEntityPermissions uep = entityServletHelper.getUserEntityPermissions(id, TEST_USER1);
    assertNotNull(uep);
    assertTrue(uep.getCanEdit());
}
Also used : Project(org.sagebionetworks.repo.model.Project) UserEntityPermissions(org.sagebionetworks.repo.model.auth.UserEntityPermissions) Test(org.junit.Test)

Aggregations

UserEntityPermissions (org.sagebionetworks.repo.model.auth.UserEntityPermissions)17 Test (org.junit.Test)12 AccessControlList (org.sagebionetworks.repo.model.AccessControlList)7 Annotations (org.sagebionetworks.repo.model.Annotations)4 EntityPath (org.sagebionetworks.repo.model.EntityPath)4 Project (org.sagebionetworks.repo.model.Project)4 UserInfo (org.sagebionetworks.repo.model.UserInfo)4 EntityBundle (org.sagebionetworks.repo.model.EntityBundle)3 EntityHeader (org.sagebionetworks.repo.model.EntityHeader)3 Study (org.sagebionetworks.repo.model.Study)3 JSONObjectAdapter (org.sagebionetworks.schema.adapter.JSONObjectAdapter)3 ArrayList (java.util.ArrayList)2 AccessRequirement (org.sagebionetworks.repo.model.AccessRequirement)2 TermsOfUseAccessRequirement (org.sagebionetworks.repo.model.TermsOfUseAccessRequirement)2 JSONObjectAdapterImpl (org.sagebionetworks.schema.adapter.org.json.JSONObjectAdapterImpl)2 StringEntity (org.apache.http.entity.StringEntity)1 JSONObject (org.json.JSONObject)1 Synapse (org.sagebionetworks.client.Synapse)1 SynapseException (org.sagebionetworks.client.exceptions.SynapseException)1 SynapseForbiddenException (org.sagebionetworks.client.exceptions.SynapseForbiddenException)1